Client Alert: Cybersecurity - "The Best Defense is a Good Offense"

Take Action

Identify and address your vulnerabilities to help minimize your cyber risk and mitigate the damage to your organization should you become the victim of a cyber-attack.

Vince Lombardi's astute assessment of football, "The best defense is a good offense," also rings true in today's world of cybersecurity. In the wake of the highly publicized cyber-attacks on large corporations such as Target Corporation and Home Depot, and numerous banks throughout the country, attention to cybersecurity issues has increased drastically in recent years. Cyber-attacks are occurring more frequently and are becoming increasingly more sophisticated. The reality is — you are vulnerable. But identifying and addressing your vulnerabilities can help minimize your cyber risk and mitigate the damage to your organization should you become the victim of a cyber-attack. Waiting until after a cyber-attack to take action would be like attempting a pass from the 1-yard line instead of handing it off to your star running back with less than a minute left in the game and victory hanging in the balance. You know what we're talking about...

Offensive Playbook: Assess & Manage Your Cybersecurity

Bank regulators have been urging executives and boards of directors to become more involved — to proactively engage in managing cybersecurity — and with cybersecurity in the spotlight, the time to act is now. To effectively oversee cybersecurity issues, executives and boards of directors should consider the following actions:

Defensive Formation: Disclosure Guidelines & Risk Factors

Cybersecurity refers to the technology, processes and practices designed to protect computers, networks and data from attacks, damage and unauthorized access. The SEC issued guidance relating to cybersecurity risks and cyber incidents, suggesting organizations disclose the risk of cyber incidents if the risk is significant. Such cybersecurity risk factors include:

Aspects of your organization that place you at risk, with the potential costs and consequences

Outsourced functions of your organization subject to risks

A description of any material cyber incidents or attempts on your organization

The risk that cyber incidents may go undetected for a period of time

A description of your insurance coverage for cybersecurity breaches

Item of Interest

Disclosure, risk assessment, compliance with SEC and regulatory guidelines, as well as the immediate and appropriate response to breaches, should help protect your organization from intrusions, negative publicity, enforcement actions and litigation.

You may also need to disclose cybersecurity risks and incidents in the following sections of your Form 10-Ks, if applicable:

Management’s Discussion and Analysis

Description of Business

Legal Proceedings

Financial Statement Disclosures

Disclosure Controls and Procedures

On the Field: Cybersecurity & The Financial Industry

The threat of cyber-attacks is real and widespread, with the potential to severely impact the entire financial industry. As a result, financial institutions may have the added burden of covering the risk factors related to cyber-attacks on third parties that may result in losses to their organization, in addition to the risks to their own systems. In light of the SEC’s increased attention to cybersecurity, we recommend including a cybersecurity risk factor, or reviewing and updating your current cybersecurity risk factor, in your filings with the SEC to highlight the risks of a cyber-attack on your organization, if applicable.

References

For assistance regarding how to disclose cybersecurity risks or guidance for your board of directors and executives regarding their roles in monitoring cybersecurity risks, please contact one of our attorneys.